
Zero Access Rootkit



Hi,

I "have" been recently infected with zeroaccess rootkit...

I have run ComboFix, which told me that I had the rootkit....

Combofix cleaned it.

I then ran TDSSKiller, ESET Online Scanner and some other tools....

I am not sure if I have been cleaned completely, no google redirects or ping.exe issues...

All seems to run well...

Just wanted my combofix log file looked at...

Thanks

here is the log file :

ComboFix 13-04-22.01 - jesseg 04/22/2013 20:53:57.5.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3236.1962 [GMT 2:00]

Running from: c:\users\jesseg\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\3002.abs

c:\programdata\3002.xml

.

.

((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))

.

.

2013-04-22 19:02 . 2013-04-22 19:02 -------- d-----w- c:\users\jesseg\AppData\Local\temp

2013-04-22 14:54 . 2013-04-22 14:54 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF040C2-C39F-499D-98DA-BFB8320591AC}\MpKsl9f7fb70f.sys

2013-04-22 06:50 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF040C2-C39F-499D-98DA-BFB8320591AC}\mpengine.dll

2013-04-20 18:35 . 2013-04-20 18:44 -------- d-----w- c:\programdata\OnlineArmor

2013-04-20 18:35 . 2013-04-20 18:35 -------- d-----w- c:\users\jesseg\AppData\Roaming\OnlineArmor

2013-04-20 18:34 . 2012-10-02 13:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2013-04-20 18:34 . 2012-10-02 13:02 31768 ----a-w- c:\windows\system32\drivers\OAnet.sys

2013-04-20 18:34 . 2012-10-02 13:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys

2013-04-20 18:34 . 2012-10-02 13:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys

2013-04-20 18:33 . 2013-04-21 18:37 -------- d-----w- c:\program files\Online Armor

2013-04-20 18:06 . 2013-04-20 18:33 -------- d-----w- c:\program files\NirSoft

2013-04-20 16:20 . 2013-04-20 16:20 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B518F6D4-A515-49FA-91F3-E0D6F07080F6}\gapaengine.dll

2013-04-20 16:20 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-20 16:15 . 2013-04-20 16:16 -------- d-----w- c:\program files\Microsoft Security Client

2013-04-20 15:14 . 2013-04-20 15:14 -------- d-----w- c:\users\jesseg\AppData\Roaming\Malwarebytes

2013-04-20 15:14 . 2013-04-20 15:14 -------- d-----w- c:\programdata\Malwarebytes

2013-04-20 15:14 . 2013-04-20 15:14 -------- d-----w- c:\users\jesseg\AppData\Local\Programs

2013-04-20 12:41 . 2013-04-20 12:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55BE735D-DA34-4814-BF66-B4C52FF2162E}\offreg.dll

2013-04-20 11:03 . 2013-04-20 11:03 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-04-20 09:57 . 2013-04-20 18:32 -------- d-----w- c:\program files\Free Window Registry Repair

2013-04-20 08:23 . 2013-04-20 08:23 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

2013-04-20 08:22 . 2013-04-20 17:51 -------- d-----w- c:\program files\Mega Codec Pack

2013-04-19 01:04 . 2013-04-19 01:04 -------- d-----w- c:\users\jesseg\AppData\Local\sabnzbd

2013-04-19 01:03 . 2013-04-19 01:03 -------- d-----w- c:\program files\SABnzbd

2013-04-18 23:29 . 2013-04-20 18:32 -------- d-----w- c:\users\jesseg\AppData\Roaming\DMCache

2013-04-14 13:30 . 2013-04-14 13:30 -------- d-----w- c:\users\jesseg\AppData\Roaming\Apple Computer

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-04-13 22:01 . 2013-04-13 22:01 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-04-13 22:00 . 2013-04-13 22:01 -------- d-----w- c:\program files\QuickTime

2013-04-13 22:00 . 2013-04-13 22:00 -------- d-----w- c:\programdata\Apple Computer

2013-04-13 21:59 . 2013-04-13 21:59 -------- d-----w- c:\program files\Common Files\Apple

2013-04-13 21:59 . 2013-04-13 21:59 -------- d-----w- c:\users\jesseg\AppData\Local\Apple

2013-04-13 21:59 . 2013-04-13 21:59 -------- d-----w- c:\program files\Apple Software Update

2013-04-13 21:59 . 2013-04-13 21:59 -------- d-----w- c:\programdata\Apple

2013-04-13 20:10 . 2013-04-13 20:10 -------- d-----w- c:\programdata\FLEXnet

2013-04-13 19:39 . 2013-04-13 19:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2013-04-13 17:10 . 2013-04-13 17:10 -------- d-----w- c:\users\jesseg\AppData\Roaming\BANDISOFT

2013-04-13 17:10 . 2013-04-13 17:10 -------- d-----w- c:\program files\Bandicam

2013-04-13 17:10 . 2013-04-13 17:10 -------- d-----w- c:\program files\BandiMPEG1

2013-04-13 16:38 . 2013-04-13 16:38 -------- d-----w- c:\users\jesseg\AppData\Local\Noël Danjou

2013-04-13 16:38 . 2013-04-13 19:00 -------- d-----w- c:\program files\Noël Danjou

2013-04-13 16:05 . 2013-04-13 16:05 -------- d-----w- c:\program files\AmaRecTV Live

2013-04-13 16:00 . 2013-04-13 16:01 -------- d-----w- c:\users\jesseg\AppData\Roaming\AmvVideoCodec

2013-04-13 16:00 . 2013-04-13 16:00 -------- d-----w- c:\program files\AmvVideoCodec

2013-04-13 15:21 . 2013-04-13 15:21 -------- d-----w- c:\users\jesseg\AppData\Local\Diagnostics

2013-04-13 14:01 . 2013-04-13 15:33 -------- d-----w- c:\users\jesseg\AppData\Roaming\Ulead Systems

2013-04-13 13:45 . 2013-04-13 13:45 -------- d-----w- c:\programdata\InstallShield

2013-04-13 13:45 . 2005-06-10 02:44 81920 ------r- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2013-04-13 13:45 . 2005-06-10 02:44 368640 ------r- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll

2013-04-13 13:45 . 2005-06-10 02:44 278528 ------r- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe

2013-04-13 13:45 . 2013-04-13 13:45 -------- d-----w- c:\program files\Windows Media Components

2013-04-13 13:35 . 2013-04-17 17:38 -------- d-----w- c:\programdata\Ulead Systems

2013-04-13 13:35 . 2005-06-10 02:44 618496 ------r- c:\program files\Common Files\InstallShield\UpdateService\agent.exe

2013-04-13 13:28 . 2010-04-16 11:59 236168 ----a-w- c:\windows\system32\StkCProp.ax

2013-04-13 13:28 . 2010-03-29 18:35 84616 ----a-w- c:\windows\StkUnist.exe

2013-04-13 13:28 . 2010-03-26 18:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll

2013-04-13 13:28 . 2010-03-26 18:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll

2013-04-13 13:28 . 2010-03-26 18:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe

2013-04-13 13:28 . 2009-06-11 13:15 347152 ----a-w- c:\windows\VideoView.exe

2013-04-13 13:28 . 2010-03-26 18:23 113288 ----a-w- c:\windows\StkC112X.exe

2013-04-13 13:28 . 2009-05-03 13:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys

2013-04-13 13:28 . 2010-04-16 11:59 1521544 ----a-w- c:\windows\system32\drivers\StkCMini.sys

2013-04-13 13:28 . 2010-03-26 13:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys

2013-04-13 13:28 . 2013-04-13 13:28 -------- d-----w- c:\users\jesseg\AppData\Roaming\InstallShield

2013-04-12 11:01 . 2013-04-12 11:06 -------- d-----w- C:\UBCD4Win

2013-04-11 17:47 . 2013-04-11 17:47 -------- d-----w- c:\program files\Paint.NET

2013-04-11 17:46 . 2013-04-11 17:55 -------- d-----w- c:\users\jesseg\AppData\Local\Paint.NET

2013-04-11 17:29 . 2013-04-11 17:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-04-11 12:17 . 2013-04-11 12:18 -------- d-----w- c:\users\tom

2013-04-10 15:16 . 2013-04-10 15:51 -------- d-----w- c:\programdata\Visual CertExam Suite

2013-04-10 15:16 . 2013-04-10 15:16 -------- d-----w- c:\program files\Visual CertExam Suite

2013-04-09 13:06 . 2013-04-09 13:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-04-09 10:43 . 2010-08-19 17:22 409600 ----a-w- C:\rescue2usb.exe

2013-04-09 10:43 . 2009-10-16 14:43 237849 ----a-w- C:\grub.exe

2013-04-08 16:45 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-04-08 16:43 . 2013-04-08 16:43 -------- d-----w- c:\program files\AVAST Software

2013-04-08 16:42 . 2013-04-08 16:43 -------- d-----w- c:\programdata\AVAST Software

2013-04-05 09:47 . 2013-04-20 09:38 -------- d-----w- C:\Stinger_Quarantine

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-22 16:58 . 2012-11-15 17:54 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2013-04-20 18:41 . 2012-11-15 08:43 69792 ----a-w- c:\windows\system32\rpcnet.dll

2013-04-20 09:40 . 2013-01-20 17:34 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-04-20 09:36 . 2012-11-15 17:55 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2013-04-02 10:33 . 2012-11-21 16:58 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-07 08:10 . 2009-12-21 10:57 69792 ------w- c:\windows\system32\rpcnet.exe

2013-02-28 13:37 . 2013-03-18 08:14 981504 ----a-w- c:\windows\system32\wininet.dll

2013-02-28 11:38 . 2013-03-18 08:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-26 06:55 . 2013-02-26 06:55 65536 ----a-w- c:\windows\system32\frapsvid.dll

2013-02-12 04:48 . 2013-03-18 08:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-18 08:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 03:32 . 2013-03-18 08:19 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-24 12:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2013-04-20 08:23 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 142616]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 176408]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-03-03 1812264]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1210640]

"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-03-30 9902352]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-01-21 149280]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-10-02 2415104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Hotkey.lnk - c:\program files\Hotkey\Hotkey.exe [2011-3-21 3077120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-02 366440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 MFE_RR;MFE_RR;c:\users\jesseg\AppData\Local\Temp\mfe_rr.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 MpKsl9f7fb70f;MpKsl9f7fb70f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF040C2-C39F-499D-98DA-BFB8320591AC}\MpKsl9f7fb70f.sys [x]

S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [x]

S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [x]

S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x]

S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [x]

S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [x]

S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]

S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]

S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL781CF4C9

*NewlyCreated* - MPKSL9F7FB70F

*Deregistered* - MpKsl781cf4c9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-11 06:30 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-23 08:24]

.

2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-23 08:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mecer.co.za

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-22 21:04:43

ComboFix-quarantined-files.txt 2013-04-22 19:04

ComboFix2.txt 2013-04-20 15:08

.

Pre-Run: 126,732,365,824 bytes free

Post-Run: 126,675,623,936 bytes free

.

- - End Of File - - 21946D64E143DBD717958FC81F8BFE12

I tried to understand this log file but for the life of me could not understand it....

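The poster says the log is hard to read, so here is an added triage aid written for this page (it is not ComboFix's own logic and not code from anyone in the thread). It parses the "Files Created" entries and the R*/S* service and driver entries from a ComboFix-style log and flags binaries whose location is unusual enough to deserve a second look: executables in user-writable profile or temp paths, directly in the ProgramData root, directly in the drive root, or drivers loaded from outside system32. The column layout assumed by the regexes and the location heuristics are assumptions of this example; the sample lines are a small subset copied from the log above.

```python
"""Triage helper for a ComboFix-style log (example written for this thread;
not ComboFix's own logic). It parses the 'Files Created' entries and the
R*/S* service/driver entries and flags binaries whose location deserves a
second look. The column layout and location heuristics are assumptions."""
import re
from dataclasses import dataclass

# Sample lines copied from the log posted in the thread (constructed subset).
SAMPLE_LOG = r"""
2013-04-22 19:02 . 2013-04-22 19:02 -------- d-----w- c:\users\jesseg\AppData\Local\temp
2013-04-22 14:54 . 2013-04-22 14:54 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF040C2-C39F-499D-98DA-BFB8320591AC}\MpKsl9f7fb70f.sys
2013-04-20 18:34 . 2012-10-02 13:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2013-04-09 10:43 . 2010-08-19 17:22 409600 ----a-w- C:\rescue2usb.exe
R3 MFE_RR;MFE_RR;c:\users\jesseg\AppData\Local\Temp\mfe_rr.sys [x]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [x]
"""

# File entry: "<timestamp> . <timestamp> <size|--------> <attrs> <path>"
# (the size column is a run of dashes for directories; assumed layout)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
# Service/driver entry: "<state> <name>;<display name>;<path> [x]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[x\])?$")


@dataclass
class Entry:
    kind: str    # "file" or "service"
    path: str
    detail: str  # size/attrs for files, state and name for services


def parse_log(text):
    """Return the file and service entries found in the log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = m.group(3)
            detail = "directory" if size.startswith("-") else f"{size} bytes {m.group(4)}"
            entries.append(Entry("file", m.group(5), detail))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m.group(4), f"{m.group(1)} {m.group(2)}"))
    return entries


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# User-writable locations where a binary or driver is unusual enough to review
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                "\\appdata\\local\\", "\\windows\\temp\\", "\\users\\public\\")


def triage(entries):
    """Return (kind, path, reasons) for binaries in locations worth a look."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if not p.endswith(EXEC_EXT):
            continue
        reasons = []
        if any(d in p for d in SUSPECT_DIRS):
            reasons.append("binary under a user-writable profile or temp path")
        if re.match(r"^[a-z]:\\programdata\\[^\\]+$", p):
            reasons.append("binary directly in the ProgramData root")
        if re.match(r"^[a-z]:\\[^\\]+$", p):
            reasons.append("binary directly in the drive root")
        if p.endswith(".sys") and "\\windows\\system32\\" not in p:
            reasons.append("driver loaded from outside system32")
        if reasons:
            findings.append((e.kind, e.path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, path, why in triage(parse_log(SAMPLE_LOG)):
        print(f"[{kind}] {path}\n    {why}")
```

The output is a review queue, not a verdict: on the sample it flags the Microsoft Antimalware definition-update driver under ProgramData and the rescue2usb.exe in the drive root alongside the driver in the user's Temp folder, and all three need a human to decide whether they belong to a known tool. Paste the full log into SAMPLE_LOG (or read it from a file) to triage the whole "Files Created" and services sections at once.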

Hello Jesseg,

Backdoor trojan warning: ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (remote access trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
